Tips to Protect Yourself Against Social Engineering Fraud

Tips to Protect Yourself Against Social Engineering Fraud

Attackers regularly use social engineering to get you to disclose sensitive information to them. Social engineering is a term used for a broad range of activities that involve manipulating people to give up confidential information such as passwords, bank information and even control of their computers.

Types of Social Engineering:

Social engineering can take on many forms, depending on the channel used:

• Phishing happens when an attacker sends you an email that contains a malicious link or attachment to get you to click on the link or open an attachment.  The email looks authentic and claims to come from a trusted source such as a retailer you frequently shop with, your bank or other institution.
• Vishing, short for “voice phishing”, is where an attacker attempts to get you to disclose sensitive information over the telephone. Often, the caller claims to represent your bank, a government agency or local law enforcement and uses forceful language to get you to comply with their requests.
• Smishing, short for “SMS phishing”, is a social engineering attack that uses text messages instead of phishing emails to get you to give out sensitive information such as your bank account number.

How to Protect Yourself Against Social Engineering Attacks:

1. Do not click on links or open attachments in suspicious emails. While an email may look legitimate at first glance, taking a closer look at the sender and grammar in the email may help you recognize a fake email. 
2. Do not give out sensitive information over the phone. If you are unsure whether the caller is from the business they claim to represent, call the business back at a number you have verified through another source.  For example, the contact number listed on a company’s official website. 
3. Do not click on links in suspicious text messages. Just like with phishing, attackers try to get you to click on malicious links in text messages.  Verify the sender with a trusted source before you click a link or respond.

It’s important to note that FNBO and many other financial institutions will never send you an unsolicited message via email or text asking you to verify an account number, password, PIN (Personal Identification Number) or Social Security number.  If you receive a message that threatens to close your account, or claims your account has been compromised, it likely is fraudulent.  An attacker is trying to get you to act quickly and click a malicious link.

If you believe you have received a suspicious email that purports to be from your financial institution, immediately forward it to their fraud department. If you’re an FNBO customer, you can forward the email to reportfraud@fnni.com.  Do not modify the message, subject, or any links within the email. Once you forward the email, you can delete it.  Remember, do not click on any links, or respond in any way. 

If you clicked on a link or believe you may have unintentionally compromised your account information, contact us or your financial institution immediately.